Skip to main content

tv   Washington This Week  CSPAN  November 16, 2014 3:19am-5:31am EST

3:19 am
the price down even faster. if you are the supreme leader and you are playing this out, i think that you want to keep possibility of a cooperation against isis out there in the hopes that it will give you some advantage. but you don't want that to be explicit. if you had a model here, think of president kennedy removing the missiles in turkey. they were separate announcements, six months apart,
3:20 am
complete deniability. if i was the united states or the iranians i would want to keep it that way. >> mark, in your presentation you mentioned that in iraq and the united states and iran are kind of tacitly in alignment supporting the central government, perceived as a broader shiite government. in syria the interests begin to diverge over the future of assad. how do you see that tension playing out over time, particularly when you have u.s. forces in iraq where you also have iranian forces. some inadvertent action that run up against each other -- how do you see these issues getting worked out over time? >> he makes this intriguing
3:21 am
prospect of american forces in iraq somehow not fighting advisers there are going to be engaged in combat. that is very much a disagreement depending on whether you talk to someone at the pentagon are at the white house. certainly the chairman of the joint chiefs of staff have indicated that the pentagon envisions they will be working with iraqi forces on the ground, calling in airstrikes. that raises some very interesting prospects for whatever they are doing to beat back isis in iraq. i think the real question that we can't answer at this point is to what extent does the syria -- what is the ground picture in
3:22 am
syria? ground. it is hard to imagine that he is going to go back on that. but a lot can happen in two years. the question is if there was a military presence in syria, who will they be fighting and to what extent does this issue of a collision course -- assad remains at the center of the picture. it is in my mind in the reporting i've seen -- i still haven't quite figured out how whatever force that has been trained to be the boots on the ground, what they are going to do, and you they are going to fight, and how that is going to
3:23 am
be worked out with either an american presence or the presence of another arab nation. if you can imagine -- iraq is actually an easier thing to envision in syria, which is a far more complicated prospect. >> thank you. let's open to the floor for questions and comments. if the speakers could please identify themselves. >> thank you. it was announced earlier this week that they have agreed to construct eight new nuclear reactors in iran. what are the impacts of that announcement?
3:24 am
>> david, you broke the story earlier this week about the possibility of fissile material going to russia, and now this new development that they could build reactors, because one of the issues has been iran -- this opens the door to the possibility there might be some practical needs for the fuel cycle program. what's your take? >> it's an excellent question and i think that the upside of this for the iranians has been
3:25 am
we're enriching fuel for a set of reactors that do not exist. the russian supply it and will be supplying it through 2021. now the agreement that was announced was a bit vague. it talked initially about two reactors, the possibility of moving up to eight. we know from our own experience here in the united states, we know from the japanese experience and the european experience it's a lot easier to announce reactors than to build reactors, although it would be interesting to see if a not in my backyard movement crops up in iran. that would be an interesting story. it creates a rational of sorts under which the iranians could justify going up to the supreme leaders 190,000 centrifuges as a
3:26 am
rational for fueling these when they get built. it takes so long to build them, they would have plenty of time to do this. to that degree it helps. the other side is the iranians are inefficient producers of uranium. if they wanted to do this at a cheaper price they would buy the nuclear fuel on the open market. there is a glut oist, particularly after the japanese closed down so many of their reactors. but there was a glut before that time. and so it doesn't make a lot of sense for the iranians to be producing this inefficiently, shipping it to russia, having it fabricated into this specialty fuel to fuel these reactors. but if, in fact, it is a way of maintaining control and people can see what they are producing, if it's regularly leaving the country, we have a high confidence level the russians are doing this correctly, then it's a potential solution. and there is no reason that the iranians shouldn't be allowed to
3:27 am
produce this assuming there is an understanding about what happens to the spent fuel so it doesn't turn into plutonium fuel. >> may i add my sympathies about michael. he was a member of our iran task force and very helpful in that regard. to david, how important is it that this declarified are you surprised that obviously nothing would happen until november 24, is it necessary for the findings to be publicized at some point? could they be kept quietly? could this be a long process that does not lose face for the iranians who insist they never intended to build nuclear weapons?
3:28 am
>> very good question. this is i think in many ways the toughest issue for the iranians, because if you believe the intelligence, and there is a big if there, prior to 2004 there was something that resembled the manhattan project, if you believe the intelligence and we won't know that until you get that amount of data. there are three levels to answer your question. one is should they have to respond to this because it's an i.a.e.a. investigation and they've said they would answer the questions. secondly, and i think for my own
3:29 am
personal view and as a reporter not that it makes a difference, if you are going to enforce those norms in the future against other states, i think giving somebody a pass is problematic because then you have to justify it the next time and the time after that. the second question is do you make it public? that adds to the embarrassment question. in a post wickileaks, post snowden world operating with an organization that has 180 some odd members whose own control over information has been bless them, a little bit he has than full.s than it's been the mark and david employment act over the years and you too when you were a full time reporter. it is a very important source of information whether they intend to be at times or not, i can't imagine that information would stay secret forever.
3:30 am
it boggles the mind to imagine that. and the third question is even if you don't reveal the history, do you want to make sure that the iaea is constantly interviewing the scientists who worked on those programs to make sure they are gainfully employed on something other than a nuclear weapons projects. and so far they have not been able to interview any of them and the iranians have made the point when their scientists show up in public some place the sticky bomb ends up on the side of their car. they have some good reasons to not want to reveal who their scientists are. >> we have an overflow room. let me take a question from there. we talked about the muddle through scenarios. let's talk about the politics of
3:31 am
that both here and in iran. there is an interim deal that pockets whatever progress has been made and opens the door to future negotiations on outstanding issues, how will that play here and potentially there? it would be a delicate balancing act because on one hand you'd want to maintain the sanction structure to maintain the pressure on iran but there would have to be something in it for iran to go along with it. and the politics here particularly with the changing congress are complicated on the iranian side. it's the politically loaded question we've discussed it to be. how do you see an interim option sort of playing out if that's the outcome on november 24? >> i think this would be tough with congress because a partial deal by necessity will not have
3:32 am
a lot of specificity about time lines and sharp measures so you are in the position of lifting some sanctions without complete clarity unless some complete clarity is announced about what the iranians do in return. for them it would be difficult as well because presumably the u.s. position and the p 5 plus 1 position would be we can't discuss permanent lifting of sanctions until you have a permanent deal. i'm not sure they want to live with a temporary lifting of sanctions that could be easily reversed. i don't know how the rest of the region would feel but i think they would be nervous. >> i think they would be very nervous. any attempt by iran to read the u.s. political situation would
3:33 am
be quite difficult, like what it means for them, the republican takeover of the senate just as it is for our own political analyst to read the political situation. i think whether iran sees benefit or risk of the new congress, i think that they -- i think once again it goes to rob's point of it's important for them to realize the opportunity when they have it. >> i think we'll close it there. i'll turn to my colleague, the director of the middle east program for closing remarks. and i should add it was the middle east program that sponsored today's event and we thank holly for that. >> thank you. thank you to our speakers. you couldn't have done a better job. i wish michael had been with us to have shared his views.
3:34 am
i know he would have loved the discussions. in the last piece he authored for breaking defense on may 19 of this year, he thought the two sides faced intractable differences and had run into a brick wall. when i read this the next day, i started arguing with him and i told him i think it's a mud wall and not a brick wall. and neither i was able to convince him nor he was able to convince me. he was not 100% pessimistic but he was not hopeful about the possibilities of a deal by november 24. he was still a skeptic when rob and i and our colleague saw him
3:35 am
shortly before he passed away. he was not interested at all to talk about his health. he was interested in talking about the nuclear negotiations and what was happening. michael was intimately familiar with the details of the negotiations. he was present at almost all the meetings of the negotiators in europe. he knew and had talked to most of the principles. and i remember when he went there to talk to the foreign minister, i argued with him and i said you don't have to go just because he wants to talk to you. he said no, this is an opportunity i don't want to miss.
3:36 am
every time there was a negotiators meeting, he wanted to be there and was there and in the last six, seven months, i tried to talk him out of attending the meeting, especially the one in geneva which i think was his last meeting in july of this year but he went. i'm certain if he were still with us he would be finding stories over the weekend. michael was working on a book on the history of the iran nuclear negotiations at the time of his death. he showed me the first 60 pages because i constantly nagged him and i said i want you to show me something. so one day he walked in and gave me 60 pages. and he opened the book with his one and only visit to iran
3:37 am
charting the difficult road that lay ahead. and he was hoping to complete the book by december. we at the wilson center, his colleagues will get hold of the manuscript, we will make sure to finish it for him. but book or no book, we at the center, his colleagues, friends and editors will always remember michael's measured insightful observations as the negotiations with iran go forward. so we are very thankful that you are all here. we are very thankful to the family who joined us this afternoon and please join us for a reception which is in the
3:38 am
dining room. thank you. [applause] [captions copyright national cable satellite corp. 2014] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] >> in his weekly address, president obama discusses the affordable care act's new open enrollment period which began today. u.s. representative brad wenstrup discusses the republican legislative priorities for the lame-duck session and the 114th congress. >> hi, everybody. over the past year, more than 10 million americans have gained the financial security and peace of mind that comes with health insurance. more than seven million people enrolled in affordable coverage
3:39 am
by visiting healthcare.gov, or going to the marketplace in their state. on average, they're paying just $82 a month for coverage. for a lot of people, that's less than a cell phone bill or a cable bill. insurance companies can no longer deny you coverage just because you have a preexisting condition, and they now have to cover free preventive care like checkups and mammograms. if you missed your chance to get covered last year, here's the good news. starting november 15th, today, you can go online or call 1-800-318-2596 and get covered for 2015. and we've spent the last year improving and upgrading healthcare.gov to make it faster and easier to use. if you already buy insurance through the online marketplace, now is the time to take a look at some new options for next year. you might be able to save more money, or find a plan that fits your family's needs even better than the one you've got now.
3:40 am
if you haven't signed up for insurance yet, this is your chance. odds are, you'll qualify for tax credits to help you afford it. but this window won't stay open forever. you only have three months to shop for plans, so it's worth starting right away. and it might make a big difference for your family's bottom line. last year, i got an email from a woman named amy williams, in augusta, georgia. she and her husband are self-employed in the trucking business. for years, they paid about $1,200 a month for their health insurance. then they checked out healthcare.gov. they found a plan with coverage they liked, and it was way less expensive. she says that they've saved around $13,000 on their premiums this year alone. stories like amy's are why we fought so hard to pass the affordable care act. to help more families breathe a little easier. in part because this law is working, health care prices have grown at their slowest rate in nearly 50 years.
3:41 am
and this year, insurance premiums for families who are covered through an employer grew at a rate tied for the lowest on record. so spread the word. tell your friends and family members to get covered. talk to folks in your church or your classroom. tell them to take a few minutes to check out healthcare.gov, cuidadodesalud.gov, or call 1-800-318-2596 -- it can make a big difference in their lives. let them know that it's easy, it's affordable, and that they have just three months, starting today, november 15th, to sign up. together, we can make sure that even more of america gets covered in the year ahead. thanks, and have a great weekend. >> good morning, i'm dr. brad wenstrup, and i have the honor of representing ohio's second congressional district. in the days since the election, republicans have begun to make good on our vow to honor your trust by focusing first on jobs and the economy.
3:42 am
on friday, the house voted to approve the keystone xl pipeline, which will help lower energy costs and get people back to work. we ask president obama and senate democrats to finally give this project the green light that the american people have been waiting for. we'll also work to pass the hire more heroes act, which will encourage businesses large and small to hire america's veterans the very americans to which we owe our security and freedom. we'll take on obamacare and we'll propose that congress -- not the bureaucrats -- has the final say on all new major regulations. this is just a start on getting some important things done in the months ahead. now, after the election, the president may have said "i hear you," but by the looks of things, it's just the opposite. on monday, he proposed a new set of rules to regulate -- of all things -- the internet, one of the few places innovation has thrived, even in a struggling economy. then he agreed with the chinese government on rules that
3:43 am
continue his misguided crusade against affordable, reliable energy. in this economy, we need relief from the epa's grip, not more heavy-handed mandates that take away american jobs and squeeze middle-class families. the president also continues to raise the possibility of taking unilateral action on executive amnesty. we've warned him that such action would make it that much harder to pass immigration reform and find common ground. sadly, there's even more. we've now come to learn that one of obamacare's architects said the law passed because americans were "too stupid to know" what was happening. this is the same arrogance we've seen time and time again from this administration and its allies. this is insulting to all of us. they say one thing and do another. they spend money we don't have with little to show for it but more debt and broken promises. and they stay off course even when hardworking people are stuck earning less and paying more for just about everything. americans deserve far better.
3:44 am
you deserve a government that doesn't just "hear you," but actually listens to you and puts your priorities first -- that focuses on securing more jobs and a better future for our children. that's what you can expect from the new republican majority. thank you for listening, and god bless the united states of america. our takesty's t american tv on the road to learn about history. this week and partner with charter communications to go to madison, wisconsin. >> is probably the most important political figure in wisconsin history and one of the most important in the history of the 20th century of the united states. he was a reforming governor, he defined what progressive medicine was. he was one of the first to use progressive to self identify.
3:45 am
he was a united states senator, who was recognized by his peers and the five great senators in american history. he was opponent of war and war one and stood his ground and stood his ground that advocated for free speech. he was about the people. ofspent the latter part 1890's giving speeches all over wisconsin. if you what a speaker for your club or group, bob would give the speech. he went to county fairs. he went to every kind of event you could imagine. he built a reputation for himself. was ready to run for governor and advocating on behalf of the people. >> we are sitting in the first studio. ght was born in wisconsin,
3:46 am
not too far from here. his family took him to massachusetts for a time. they returned to madison and he growth in madison and spent his teenage years in there. the -- verysome of briefly, the university of wisconsin. before he decided to take on that find his fortune in chicago. he decided he should come out to this part of the country which is where her family was. welsh pioneers spent his summers here. he spent his teenage summers and it is valley. .nd on these hill he got his love of nature and understanding and also his understanding of the topography of these hills. chris watch all of our events from madison at 2:00 p.m. on american history tv on c-span 3. >> a public meeting on government information gathering
3:47 am
and privacy rights. 7:00 a.m., your calls and comments on "washington journal." the oversighty, board held a public meeting examining government information gathering programs and privacy rights. the panel discussions included government private officials and private sector experts. the oversight board is an independent agency within the executive branch and was a recommendation of the 9/11 commission.
3:48 am
>> good morning. it is a 30 a.m. and we are many and the western ballroom and the washington marriott. this hearing was announced on the federal register october 21st. all five board members are present and there is the core and will now called the meeting to order. proceed. what is privacy? the right to be left alone? the desire of personal activity the right to make decisions regarding private matters?
3:49 am
states for intellectual developments and anonymity? freedom from public attention freedom from being observed or disturbed by a others? freedom from intrusion? avoiding public disclosure about yourself and freedom from publicity which places you in a false light stemming from appropriation of your name or likeness and control how personal information is collected and used and freedom from surveillance. these are a few definitions given to privacy in the past i suspect we will hear others. the meeting today we'll form the approach to privacy issues of the statutory mandate. the first will focus on defining privacy interest. the second will consider counterterrorism and the path of technology. next we will hear from government regarding to identify
3:50 am
and address and the final panel is lessons learned from the private sector from the context. each panelist moderated by a board member who will have the opportunity to pose questions. after words they can submit written and questions. but that is for the moderator to pose to the panelists. those agreed to be here today we have a strict timekeeper sitting in front so the panelists are encouraged to keep remarks brief so we have a discussion. a lunch break is between 12 and 1:15 p.m. the transcript will be prepared and put on our web site within a week.
3:51 am
comments from the members of public are welcome and may be submitted through the end of the year. finally thinking of the board's staff, shannon will send, so we will announce the first panel. >> thank you. we will attempt to root explore say to defines to privacy but with the societal interest of the notion of privacy. and has remarked privacy is like the cheshire cat.
3:52 am
we believe that concept is the mess. most commentators to agree that there are aspects of privacy that go back to the most ancient civilization trying several founding fathers but the concept of privacy is a receptacle for a conglomerate of interest of values and individuals. switch to varying degrees they are willing to balance with competing values such as national security. so privacy consist of a situation that courts and legislators or government officials will recognize the privacy interest and to protect or not do that interest against the competing value. they will identify the individuals and the societal interest to discuss how far and under what conditions they should legitimately make claims to the particular interest. the format will be to talk
3:53 am
initially seven minutes. [indiscernible] and that end, i will question them for 20 minutes and that is followed by another 20 minutes. then i hope there is some time left for the written questions that members of the audience are invited to send to the front. you already has biographies of our panelists but i will identify them very briefly. we have the co-director for
3:54 am
national security. >> thank you. i apologize in advance because i have a cold. but thanks for letting me participate in today's discussion. there is one thing i have learned with my own involvement is privacy is difficult did you differnt people david gave a comprehensive list. i am not sure what i would add except for those who are outside the mainstream in this country privacy meeting to be the government can be critical says judges religion and freedom and
3:55 am
speech associations. we value all of those. so what does that mean for our analysis? it is interesting to think about different definitions of privacy and it is helpful to show the range of definitions that are out there. but congress nor the courts should be in the business of attempting a granular definition of privacy for its importance. look at the freedom of religion. courts don't probe what religion is or why it is important not because it is obvious by any means. so what the court does it is a
3:56 am
concept of religion that broad enought to encompass many different roles. information. coming to information and privacy the best working concept that encompasses all of the important interests that privacy serves is control of the information. this concept avoids the why and that's how. and to the state-controlled the papers they are secure enough.
3:57 am
what are some of the ramifications to control mightily what one shares of with whom the to share with my mother or a close childhood friend but that does not mean i have chosen to share that with the entire world including the nsa. --re's a chance my mohter out.r might rat me i did not know about and could be an informant but the downside risk that my confidence and misplaced with the disclosures to everyone in the upper rhone is really what the third party doctrine is. second, you don't relinquish all control over information about your public activities but there is such a thing functionally
3:58 am
speaking with the freedom of information act. there is a privacy section that if releasing it was done to a compromise privacy. the supreme court held in 1999 a rap sheet is coverage despite the fact that all the information is available by diligent combing of court record so why is that so private? the court held while it was publicly available it was practically obscure. it is such a concept that deserves of komen fourth amendment jurisprudence.
3:59 am
but it is practically obscure. when the government uses drones or gps technology and that is a privacy violation. violations happen -- but we have heard with officials that that and is able collection of telephone records because nobody looks at them unless they suspect the government tells you what privacy shed value.
4:00 am
should the point at which the government collects the information is the point at which you've lost control. and for plenty of people that loss of control itself pro deuces harm. had changed ents heir online behavior ann after disclosures. there was another survey of 520 that one riteers show out of six authors refrained from writing about certain topics because they feared surveillance. after new stories broke about the nypd's infiltration, attendance in those associations dropped. in some ways these are some of the worst harms because they're societywide. they impact the way we function as a society, they imporish our social discourse by causing
4:01 am
people to sensor themselves and not put ideas out there. one last ramification of this concept of privacy, if i have time -- i can't believe i have time -- is young people. so i hear it said quite often that young people don't care about privacy. and it's certainly true that many young people go on facebook and share incredibly personal information with 622 friends, but they don't share that information with 623 friends. what they share and the number of people that they share it with may very well have changed. but they still control the sharing or at least they think they do. and my impression, based on a totally unscientific survey, is that they still value that control. so -- the red card. i knew it was coming. i'll stop there. >> thank you. professor daniel sole of is the professor of law at the gw
4:02 am
george washington law center. >> good morning. i would like to make five brief points this morning. the first point is that privacy is much more than hiding bad secrets. one of the common arguments about the people often make about privacy is that people shouldn't worry if they have nothing to hide. i hear this argument all the time. this argument and many other arguments about privacy are baseed on a conception of privacy -- a conseppings of privacy that is very narrow, that sees privacy as hiding bad or discredittable things. well, privacy is much more than that. privacy isn't just one thing. it's many different things. privacy involves keeping people's data secure. it involves the responsible use of data. it involves making sure that when data is kept, it's kept
4:03 am
accurately. it's making sure that people who keep the data are responsible stewards of that datea. that people have rights in that data. and some parts pation in the way the data is used. all these things have nothing to do with nothing to hide. they have nothing to do with secrets. and everything to do with how eir information is kept, collected, stored, et cetera. i think that as we see privacy broadly we can move away and abandon these very narrowly crafted views of privacy. the second point i would like to make is that society is a societal interest not just an individual one. when ballancing privacy and security privacy is auve seen as an individual right and then security is often seen as a social right. when they're balanced, society generally wins out over the individual. i think this actually skews the
4:04 am
balance to the society's side, to the security's side. but in fact privacy isn't just an individual int rest. it doesn't just affect the individual. it's a societal interest. we protect privacy because we want to protect society. we want to shape the kind of society we want to live in. privacy doesn't just protect the individual for the individual's sake. it protects the individual for the society's sake, because we want a free society where people are free to think and eak without worrying about negative cons quenses from that. the third point i would like to make is that the collection of personal data negative cons quenses from that. the third point i would like to make is that the collection of personal data through surveillance and other means of government information gathering can cause significant problems. data collection and surveillance aren't inherently bad. but just as industrial activity causes pollution, government surveillance and data gathering can cause problems. and these problems must be milt
4:05 am
appear. n they some of the problems include, show people's exploration of ideas, it can chill people in many different ways. either they might not say something or they might say something differently or do things differently. and we don't want that chilling when it comes to legal act tivity. the other thing -- the other problem is that surveillance gives a lot of power to the watchers. there's a lot that can be done with a vast repository of data beyond a particular aim that it might have been collected for. data has a way of often being used in other manners, in other ways. i think that another issue,
4:06 am
too, is the level of countability and oversight that goes into this, because it's about the structure of our government and the relation of the government to the people that we're talking about here. what kind of accountability will the government have when it gathers all this information? what limits will there be on the information gathered and used? how long will the information be kept? in a free society, people are free to act as they want to act as long as it's within the bounds of the law without having to justify themselves. you don't have to go and explain their actions to a bureaucrat sitting in a room full of television monitors about what they're doing. they don't have to go and explain themselves when a computer's lights are blinking red because of something that they said and it could be
4:07 am
misinterpreted. people don't have to worry about that. they can act freely without having to worry about how su spishes their actions might look. that is a key component to freedom. the fourth point i would like to make is that we can't adequately balance privacy and security without a reasonable amount of transparency. there's an over arching principle that this nation was founded upon. it is that we the people are the boss, the government is our agent. we can't evaluate what government officials are doing if we don't know what's going on. now, this doesn't mean there should be absolute transparency but it does mean that we need to know something enough to be able to evaluate government surveillance. because ultimately the choice about the proper level of surveillance isn't the nsa's to make. it's not the president's to make. it's the people's choice. we can't forget that. it's the people's choice. and the people must be given
4:08 am
sufficient information to make that choice. my last point is that the government must get buy-in from the people for its surveillance measures. without buy-in people are going to start to take self-help measures which is something that we see happening now. companies are providing people with ways to encrypt their data , to protect it from snooping government entities. this is the market speaking. this is something that people want. this is something being sold to people. people are going to buy. there's something in demand. why? why are people demanding this? because they have lost trust. because the laws regulating government surveillance are weak and do not provide adequate oversight or accountability. this is why strong privacy protections aren't necessarily bad for security. ensure that the people are comfortable, that there is adequate oversight and accountability for that surveillance, and that they're comfortable and know that they
4:09 am
have the information that they need to continually evaluate what's going on. and if they can evaluate what's going on and buy into what's going on, things will be a lot better when it comes to balancing privacy and security. thank you. >> paul is the founder of the red branch consulting program and a senior adviser to the chertoff group. and he was formerly deputy assistant secretary for policy at the department of homeland security. >> thank you i appreciate the opportunity to speak with you today. it is really entirle appropriate for the board to begin a discussion of privacy in this new technological age. in fact, in my judgement it's essential. and the reason for that is essentially one that puts me in some disagreement with my fellow panelists. i think that our conceptions of privacy founded as they were
4:10 am
ck in the 1907s with the fifth are somewhat outdated and don't survive the technological challenge that is we face. the 1973 thunder byrd was a marvelous car but we would not ld it out today as the state of innovation and we would not think today of the fips as privacy. what would that look like? ways to answer that question and i think to by r it you have to begin thinking about what sort of value privacy is. and here again i think i find yself in some disagreement with other members on the panel and perhaps with members of the
4:11 am
board ifment do not think that privacy is an aunt logical val u. i don't think it's akin to religion. it's not an inherent human right or the product of natural law. in my judgment it's an instrumental value, one that acts in the service of other societal values. it's ue till taryn value that derives its worth as it fosters other positive social gains. privacy for its own sake is just an assertion as an autonomy from society. it is a valuable if insofar as it advances other objectives. now, let me kind of put some salt on that. buried in is that the word privacy are many different social values that we're fostering, too many to eally catalog though the
4:12 am
a good job of trying to start. for example, we often see and the discussion here privacy is enhancing our freedom from government observation. that's probably the use that's salient to what the board does. but it also enables democracy. that's why we keep the ballot private. it fosters personal morality. why we keep the confessional private. privacy is also about restraining government misbehavior which is why we see privacy values in the fourth amendment and other procedural limitations on government action. another way in which privacy is obviously relevant to this board. and it's also as dan said sometimes about transparencey in the sense that we have privacy roles so that i know what you know about me. it can be about control, about control of my own image and it's also sometimes about
4:13 am
simply shame. since one ground of privacy is enabling me to keep from the world thing that is i'm not proud i did, of which there are too many i fear. what's important to note is that in all these instances the value that we're protecting that underlies privacy is different from the privacy itself. and that in turn suggests to me that the way to think about privacy is to think about what operational activities would protect the underlieing value most. it means we need to go to a microlevel to understand in general the nuance that arises from the particular interests that is at the core of the privacy that we're talking about. for example, we protect the confidentiality of attorney client communeications. why? because we think we need to foster candor in the discussion between a client and an attorney. that's something that we feel so strongly about that the instances in which we permit that privacy to be violated are few and far between and they come only with the highest level of judicial scrutiny. the fourth amendment itself reflects a similar ue till taryn value of the security of our persons places and things against intrusion. once again, we impose a high bar of probable cause requirement and a strong independent outside adjudicator, a judge issueing a warrant. but those aren't the only mechanisms by which we can protect privacy. we have a series of administrative processes that are often adequate to protect and restrain government obs
4:14 am
vasion. they're embedd in many of the internal reviews that are very common in the ic -- in the intelligence community that you spend your time reviewing, they're common in virtually every institution of government that we have at least at the federal level that i'm familiar with where we think that administrative review internal oversights inspectors general, intelligence committee oversight are adequate alternate administrative mechanisms. so what does that mean for some of the things that you think about? let me look at the two programs that you've written about and just kind of express something there. the 215 program is one that directly impacts issues of government abuse or potential abuse because of the pervasiveness of the collection that underwent, that was there. it strikes me that that sort of pervasive collection is one that would require a strong
4:15 am
independent review meckism because of the comprehensiveness of its activity. by contrast, the 702 program would -- which seems from what i read from the outside from your reports more narrowly focused is one in which less error correction mechanisms are necessary, less likelihood of advertent abuse is there, so those if you press on what is being protected you get a sense of beater way to protect it. let me say one brief word about transparency. completely agree with others on the panel that transparency is necessary to control misconduct . but the critical question is what type. nd this requires
4:16 am
4:17 am
even when we're not disclosing
4:18 am
information explicitly, more and more of what we do on line and off is recorded. an on line services often attach unique identifiers to recordings which is used to link them up again later. the second stage merges the datea. if two files can be determined to correspond to the same person, for example because they both contain the same unique identifier, then those files can be merged. and merging can create an avalanche effect because merged files convey more precise information about identity and behavior and that allows further merging. merging those files links behavior and identity together. the third stage of the pipeline uses big data methods such as predictive analytics. e famous example is when
4:19 am
stores use sales of an item. inferences can have an avalanche effect because each inference becomes another data point to be used in making further inferences. predictive analystics are most effective when many positive and negative examples are available. target used many examples of both pregnant and nonpregnant women to build its predictive model. r example, that terrorists would have much less success because there are few examples of known terrorists in the population. let me discuss a few implications for privacy. first, the consequences of collecting a data item can be very difficult to predict even if an item on its face doesn't seem to be conveying information and even if the contents seem harmless the
4:20 am
collection could have substantial downstream effects. we have to account for the mosaic effect in which isolated seemingly isolated information combines to create a picture. the power of the mosaic effect. to understand what follows from collecting an eyes m we have to hink about how that item can be merged with other available data and how the merged data can be used to determine information about people. the information that the holder of a certain loyalty card account number purchased skin lotion on a certain date might turn out to be the key fact that unlocks an infrens that a particular identifiable woman is pregnant. similarly, phone call meta data when collected and analyzed has been shown to enable predictions about social status affiliation employment health and personality. the second implication is the data handling systems have
4:21 am
gotten much more scomplicate especially in the merging and analysis phases, that is after collection. the sheer complexity of these systems makes it very difficult to understand to predict and to control how they behave. even the people who build and run these systems often fail to understand fully how they work in practice. and this leads to unpleasant surprises such as compliance failures or data breaches. complexity frustrates oversight, it frustrates compliance and it makes failure more like lifment despite all best intentions orgizations can often find themselves out of compliance with their own polls sizz and obligations. complex systemless often fail to perform as desired. complex rules also make compliance more difficult. it's sometimes argued that we should abandon controls and focus only on use. collection limits have important advantages, too. for example, it's easier to comply with the rule that limits collection than one that
4:22 am
allows collection and then puts elaborate limits on usage afterwards. and collection limits make oversight and enforcement easier. limit and collection can also nudge agencies to develop innovative approaches while collecting less information. the third implication is the synergy between commercial and government data practices. as an example commercial put unique identifiers website accesses. and evesdropper collecting traffic can use these identifiers to link the user's activity across different time and online sites and an evesdropper can use those identifying information. even if the user switches
4:23 am
locations and devices as many users do, an evesdropper can econstruct 60 to 75% of what a user does on line and can link that to a user's identity. final point is that technology offers many options beyond the most obvious in the data, ll then analyze and ng it later.
4:24 am
and here i think paul's analogy a the 1973 thunder byrd is good one. we would no longer accept the that were nologies available on that vehicle. owadays we expect air bags, we expect ant lock brakes we expect crumple zones, we expect the latest technology to reduce risk. and we should ask the same when it comes to privacy. we should ask agencies to use advanced technologies to limit how much information to collect, there's a large and
4:25 am
growing literature on privacy preserving data analysis and methods. determining whether collection of particular data is truly necessary, whether data retention is truly needed and what can be referred, these are deeply technical questions. in the same way that the board asks probing legal and policy questions of the agencies many independent technical experts in groups are able and willing to help you build this capacity. hank you for your time and i look forward to your questions. >> thank you. >> ok. for the next 20 minutes or so
4:26 am
m going to pose some questions to the members of the panel and i will pose them to a then if r member but ne of the other members have something very cogent -- everything you say is cogent -- feel free to contribute. let me start with you. our constitution enshrined certain aspects of privacy in the fourth eafment security of one's home and papers from unreasonable search and seizure and protections from general warrants. but are there other aspects of privacy that the advocacy community leads toward legal recognition and judicial oversight or can they all be encompassed within the bounds of the constitutional guarantee? >> sure. >> and if so, what are the ones you think ought to be specifically recognized, protected? >> sure. to start with i suppose the obvious. the fourth amendment applies only to the government. it's a restriction on the government. it's not a restriction on private parties. and irning there's absolutely a place for private entities and how they control, acquire and control people's information, because the market doesn't always do a great job of many things and although it does a great job of other things. but we certainly know that people are not 100% satisfied with the privacy protections
4:27 am
that have been provided by the private sector and that falls outside the fourth amendment but is deserving of regulation. >>ber you go on. there's another question but it leads directly from this. we hear an awful lot about the commercial acquisition of so much personal information and what they do with it and in fact the argument is sometimes made, look, don't worry so much about the government. some of the private -- google, some of the communications, the internet have great masses of data. do you think that there's any significant difference in the risk to privacy that are displayed by the holdings of so much personal information by the government as opposed to private entities? or is it like too big sflr i do think there's a difference. i think the difference may be getting smaller but i think there is a difference. private companies do not have the same coercive power over the individual that the government has. and private companies and private entities don't have the same moat vasions for -- to persecute people based on ideology or religion. these are things that we have seen in the history of this country, unfortunately. we have seen people targeted because for surveillance because they were political enemies of the ranging administration. so what i would say is that private entities have neither the ability nor the motive to throw people in jail on pretext because they are politically opposed to the current administration. that said, i think companies -- the line between big companies in this country and governance is getting thiner and thinner, and certainly companies might axes to political
4:28 am
with respect to the workforce and they certainly have acsess to people's information. i am not in the least bit unconcerned with the private accumulation of information but i remain more concerned with privacy vis-a-vis the government. >> now, you wrote in something in an article called conceptualizing privacy. you went into a little bit in your private remarks. there are 16 kinds of act tivities that represent privacy risk. privacy itself has six aspects and they're all defined too broadly or they're all defined too narrowly. so you concluded, if i read it correctly, that we should concentrate on specific types of disruptions to those interests. and what should be done about that. can you apply that kind of framework to the kinds of collections -- protection -- that we need in national security data and surveillance
4:29 am
programs in collection processing, identification, secondary use, all of the other thing that is you talked about in your article? >> yes. actually, in what i wrote, i talked about privesy not being just one thing and having a common denominator but being a pool of common characteristics and actually applying to what i laid out was a tax on my of privacy about various types of problems and i wanteded to focus on the problems or areas where certain activities cause disruption. they have caused problems and we want to mitigate those problems and what are those problems because that's where we want to step in and say, hey , we should address these problems. it doesn't mean that the activity that is cause them are bad. but it does mean that they do cause the problems we need to address. some of these problems that relate to government data gathering include, one, is aggregation, that you can take
4:30 am
a lot of different pieces of data each one being particularly innocuous, not really saying a whole lot about somebody, but when you combine them you can learn new facts about somebody. this is what data mining is about. the whole become greater than the parts. it starts to create a mosaic, a portrapet of somebody. this leads to the revelation of information that someone might not have expected or wanted when they gave out little pieces of information here and there. and i think this causes a problem. it disrupteds people's privacy expectations. it can lead to knowledge of information that people don't want exposed. or that society might not want exposed. and so i think we need to address that problem and oftentimes conceptions of privacy will ignore aggregation because they'll say well the information all were different facts that were gathered from public information there's no privacy. but i don't think that's true.
4:31 am
i think we really want to look at what the problems are. if we look at the problems, there's a problem here. another aspect is a problem i call exclusion, which is the fact that people lack an ability in a lot of cases to have any say in how that information might be used against them. any rights to correct that information or to make sure that it's accurate. that's a key component of a lot of privacy laws is a right for people to make sure that proper decisions are being made about them based on information. i can't go through all 16. i can hit some others. one is identification, the fact that this involves linking a body of data, what i call didgetal dose yea to a particular individual by identifying them you actually are connecting them to data that then can be used to make decisions about their lives. some decisions could be good.
4:32 am
but some decisions could in fact be harmful to an individual. security is another issue that i see as related and part of my tax on my of privacy and it's keeping data secure. and when data isn't kept secure it creates risks and vulnerabilities to people that could expose them to a lot of harm if in fact the data is leaked improperly. and that happens all the time. and we're all at risk when all this data is gathered together in a big repository. there are a lot of other things but i will stop here because in the interest of time. but these are just some of the ways that the tax onmi addresses this problem. i think it's important to think of the overarching point is don't start with some platonic concept of privacy and see what fits in it and what doesn't. i think it's better to look at things from the bottom up and say where are the problems here.
4:33 am
what are the problems and harms that are caused by these activities and how do we address those harms? >> if i could make a brief comment. i would agree with everything that dan said but i would also say also look at what the benefits are. the president's report on big data looked at the increase in the volume velocity and variety of data and championed the idea that large-scale data collection creates sarin dip tuss knowledge that is of value. so it brings harm but it also brings with it benefits. and that's why i see it as kind of a cost-benefit ue till taryn analysis. >> ok. go ahead. >> one thing quickly. it is a human right. it's listen in the declaration of human rights, in other treaties and protocols that the united states has signed and have the force of customary
4:34 am
international law. so whatever one's personal feelings about that i don't think this board has the -- tude to decide that it's not all these treaties we signed declaring it as a human rights are void. >> defining what's included in that human rights is one of our problems. >> one small point. that is i think i totally agree about the benefits of big data and the use of these things but i think often the balance is wrongly cast between -- the benefits and let's weigh it against the harms. because protecting privacy doesn't mean getting rid of big data or not engaging in surveillance or not doing the search. fourth amendment allows searches and surveillance. it just rishese certain oversight. so we need to look at is not all the benefits of big data against privacy. we need to look at to what extent to oversight, accountability, and these
4:35 am
protections on it -- to what extent do they diminish these benefits? and that is what gets put on the scale against privacy not all of big data's benefits. and i think if we weigh that appropriately, then i think we get a better balance. >> all right. very briefly. >> we don't get to weigh these things denoveo when it comes to the fourth amendment. struck.nce has been the government can't say we do searches. we don't have a wasn't but we have a good reason. that ballance is struck by the drafters of the fourth amendment. in a vast majority of cases there are exception bus you need a wasn't based on probable cause of criminal activity to do those searches. this is not starting from scratch. >> let me -- your approach, and you talked a little bit about this. your approach for balancing privacy and national security has i think been termed instrumental or consequential.
4:36 am
but in one of your articles you talked about, you thought limiting the right of somebody to complain or to go to court et cetera to intervening on the basis of when they are suffering a tangible harm like a wasn't or being called before the grand jury as opposed to professor sole as of views of privacy as a kind of foundational value recognizeable in its own rights. yet you also recognize in some of your other works the significance of some aspects of privacy to a democratic society now all of you have talked about it isn't just an individual right, it's a right that an open society needs. starting with even the necessity for people developing their personalities in an atmosphere in which they feel free to experiment a little bit to have relationships, to talk
4:37 am
without feeling they're constantly being judged by the government or society. i'm wondering how you reconcile your rec nigs of the aspects of privacy that are necessary to a democratic open society with this notion that we really shouldn't start intervening until somebody is suffering some tangible harm. >> thank you for the question. i think that the -- i don't see them as irreconcilable because i see the question about the adversity of cons quens and the error correction mechanisms as critical to the first part of your question, the inhernsy of the value. to see that i sort of sometimes use a thought experiment, which is what if in some hypothetical world, which i assure you does not exist, the government never abused anybody, never actually misused the data that was
4:38 am
collected, never went after lists of enemies, no persecution, and never made a mistake. now, granted that's an mpossible standard but if that were the instance, then in the long run the values that underlie the democratic values would be supported and people would no longer fear the collection because the lack of adverse consequence or the by hypothesis 100% would have gone away. so to my mind the way to support the value that is we see in the underlying democratic sphere is to build the error correction mechanisms, the audits, the oversights, this board into the ocess that in a way that reassures society as much as possible that we're driving down the errors of -- and frankly both types, the false positives and the false
4:39 am
negatives. but this board is principally concerned with the false pozz tist. driving down the errors as much as we humanly can. we don't eliminate programs because every program, every human endeavor has the possibility of error. we arm police officers even though we know they can sometimes misuse their weapons. we try to drive down the error rate as much as possible so we engender people's confidence in the police. we see sadly these days exactly what happens when people's confidence in police is not maintained that our error correction mechanisms are deemed by society inadequate. and i think we're sort of seeing some of the same thing in response to the snowden disclosures as well. but that suggests to me that the right way to support the underlying values is to go back and think about how to fix the error correction mess mechanisms. that me pursue one thing
4:40 am
you brought up earlier, and that is -- which has come up up in some of our past reports and is bound to come up in future ones, i think. and that is at what stages -- or if you would go into more about the point in which urning an independent review of decisions outside of the government's internal auditting and processing are necessary to ensure that you have this kind of trust by the people that government is not takic risks through its privacy? and in terms of what you yourself suggested the history has got some lessons for us on the trust us aspect. >> well, i certainly don't dispute that we've had failures in the past. ybody who would dispute that hasn't read history.
4:41 am
i would say that there's no one size fits all answer. it really depends on the harms involved and with a you antiss pate the failure mode would be. two examples. n the one side we have the current tsa inspection programs at the airport. probably fairly significant error rate of false positives pulling people aside for secondary inspection. on the other hand, a comparatively modest intrusion. and i say that knowing that many people think it's a very large intrusion but nonetheless comparatively modest compared to the coercive nature of being put in jail, for example. so in that instance we seem reasonably happy with a principally administrative meth oddology that doesn't require any outside check because individual liberty is not at issue, long-term confinement is not at issue, the degree of harm is small. by contrast, you will infer
4:42 am
that i certainly think that is essential view whenever people's liberty is at stake, when significant aspects of livelihood are at stake. i think one of the strangest things i see is that we seem to get all wrapped up about things like the tsa screening and we don't look at how government data bases are used to deny employment to people. you can't get a job in the transportation industry with a record even if the record is itself rife with error because of the transportation work right. so i think we have it backwards a little. and that would be an instance where an independent review of some sort for somebody who is denied employment in the nuclear industry or the transtakes industry would be right. so putting that in this context i certainly think that any time there is an adverse consequence to an individual that we get to -- oint where there's a
4:43 am
room for a scombrirble intervention, an independent intervention. that's why i sort of like what the president has done in adding the reasonable art clabble suspicion trigger to the querying of the 215 data base because that's the point at which some individual becomes out of the mass pulled out for individual wutted scrutiny and that's the point in which he begins to at least suffer the risk of adverse consequences. so i like that as a transition point. >> mr. if he woulden, you've for about independencey institutions including the government to build ever larger data bases and then to aggregate them. and i think you've said either today or in some of your writings that there are inherent risks to privacy interest when the data bases get larger and larger and gate ially when they ag
4:44 am
thells them. so i guess my basic question to you is, what are the principles that -- what are the principles that you recommend as a protecting rt for privacy in the and the increasing use of technology in this field? all along the way from collection, aggregation, whatever you think? if somebody wanted to design a ystem in broad concepts that maximize privacy but took adequate concerns for security? what would they look to? >> sure. well, i think the first prince would be to try to look beyond the most brute force technical approach, which is collect all the data that might turn out to be useful and retain it all in a single large data center for as long as you
4:45 am
can. the more data you have, the more you collect. the greater the adverse consequences could be the greater the risk and the more of a target it is either for abuse or for breach. so the first principle is to try to fit the practices to the specific need to think in terms of what kind of analysis it is that one -- that you know you need to do and figure out which data you can collect and how you can structure a system in a that analysis while collecting less data, holding the data more separately, and preprocessing or minimizing the data first. and there's a growing array of technical methods that can do this. nfortunately, this becomes a technical problem.
4:46 am
so the key principle here is just simply to insist that that technical work be done to try to architect the system to mum of and hold a min data. >> who should do that? the government or private industry? >> in my view, if say a -- if a government agency wants to argue that they have a need to collect and use certain data there should be some onus on them to justify the technical practices they're using to justify the amount of data collected, the way they're organizing it and so on, that those who would argue for a collection and use of data should be prepared to discuss these issues and offer a technical justification. when it comes to private parties, that's a more complicated discussion. think that the best practice
4:47 am
in industry ought to be to do that as well. although obviously the legal and market mechanisms that drive that relationship are very different. >> my last question i'm going to throw out and you can all take a whack at it if you want to. but several of you, and i think you especially have talked about the element of control of information as being so essential. but then some other people have written in the field have said well that certainly can't be an absolute value. there's got to be balance. we wouldn't be able to have any kind of national security programs if indeed everybody said well, i'm keeping control over that piece of information. i don't want anybody to have it. so how do you -- what kinds of principles would you apply? because i assume you recognize that some balance and even as
4:48 am
paul pointed out that even in the fourth amendment there's an unreasonable clause which gives you a kind of balancing if you will crumb to talk about. how would you handle that? and then everybody can take a whack at it. and then my panelists will take some more whacks. >> so as i said before, i think n the vast majority of circumstances, the way it should be anyway, the drafters of the fourth amendment did that balancing for us and gave us what the government had to do to override the privacy right, and that is to show probable cause of criminal activity. there are some very narrow exceptions that the supreme court has recognized some of which are controversial, some of which are not. and again, so we're not starting from scratch. we have to follow the supreme court case lau here and we can't just say i think this particular search was reasonable even though there wasn't a wasn't. if it doesn't fall within a
4:49 am
delineated exception, you have to get a wasn't based on probable cause. within those there is room for balanceing. what i would say about that is first of all the courts do their balancing when they do a review but congress has a role as well. and when congress does the balancing, on behalf of the people, i would agree with what i believe dan said, which is this is a choice for the public to make. this needs to be a public choice and an informed choice, not a choice made in secret by a small number of officials but by the public because this is a democracy. so we need to have the information about what the security threat is, how that threat could be mitigate bid the collection of this information, and what exactly is going to be the effect on either side. the other quick point i would make is that in balancing tests, national security is too often a trump card. the words are uttered and we're done. the kateo from
4:50 am
institute made an excellent point. when you look at how courts weigh national security against 's rights.dual you need to address national security at large and weigh writ large against the value that privacy serves in our society. when you think about it that way national security shouldn't be a trump card. if we talk about these values as being in competition. i think the evidence for the most part shows that targeted surveillance is more effective than dragnet surveillance. but when they are in conflict there needs to be a fair and public balancing. >> thank you. i'll let everybody have a shot at this. so you can go down the line. >> thanks. i think in thinking about these issues of control, it's important to recognize the ways
4:51 am
reassert eople try to control even if they don't have it legally. and i'm referring specifically to technical self-help measures that people use to try to limit the flows of information, to try to obfuse kate identity and behavior as well as strategic behavior in which people avoid doing certain things or deliberatively do certain things in order to present a different kind of image to whatever it is they worry is looking at their data. and these things have substantial cost. if you're going to do a balancing like paul was talking about, i think you need to take into account the ways in which resources are spent and sometimes really wasted in a kind of arms race between self-help and strategic behavior on the one hand and attempts to overcome that on the other side. and those costs can often be
4:52 am
substantial. just ask any teen ager about their on line use and what you will hear in privatesy what you will hear is an elaborate story about technical counter measures and strategic behavior. >> paul. i think your point is generally well taken, which is to say that fundamentally the notion of control is at odds with government collection information, whether it's for the purpose of imposeing a tax under the i.r.s. or law enforcement or national security. that doesn't mean that it's not an important value. it is one that many would advance and i see no reason to discount that at all. but in some ways if you advance that as the touch stone of what you mean by privacy, you're setting privacy in opposition to effective government action in a heast of areas where people might reasonably want to
4:53 am
control. i'm sitting here as a republican on the panel thinking of all the friends i have who are second amendment people who think that the government should not collect any information about their gun ownership and that's a perfectly reasonable position for them to have. it's not one that we currently accept as a society. and the last point i would make, which is just in response to -- she's mentioned it twice. but when i was last in government, the percentage of searches that were conducted without warrents was actually quite high on the order of 50%. now, i don't know if that's changeed much because it's been a while since i've been a prosecutor, but many if not most of our typical interactions with law enforcement are adjudicated on an expost reasonableness standard wrather than an ex ante wasn't standard. i don't actually have the datea
4:54 am
so i can't say more but i certainly seem to recall that it's always a pree, as opposed to a post, activity review. >> the last one. >> a few quick points. even if you can't always give people a totele control there are certain partial things you can give people for control. it's er thing is that not just people being in control. it's that the uses and gathering of the information is under control. that's another important thing bout that is appropriate oversight and accountability and controls on that gathering, too. on the fourth amendment, i think that it would be wrong just to track existing supreme
4:55 am
court interpretations of the fourth amendment which i think are a lot of times laud in a lot of cases. i think there are a lot of exceptions to the wasn't requirement, a lot of instances where the fourth amendment doesn't even get applied at all because the court has this platonic conception of privacy that is incredibly narrow and that's how we get a lot of bodies of fourth amendment law that often take the fourth amendment away from any kind of approach. the fourth amendment is i think a ue till taryn balancing. it says baseically the right to be secure against unreasonable s and seizures. and it actually doesn't say privacy it says a right to be secure against unreasonable searches and seizures. i think that means that any time the government is engaging in searchs and surveillance and gathering information, that it is unreasonable if it is creating problems that are not adequately dealt with the right amount of oversight and account ability. and that's really what the fourth amendment is trying to ex pose there, a justification to gatsdzer information, such as a wasn't and probable cause, or appropriate oversight to make sure that an independence nt judicial body looks at what
4:56 am
the government wants to do and eval wuts it. i think it's very important that we conduct the balance between privacy and security appropriately. i'm not a privacy absoluteist. i think there should be a banls. but i think it's very important that when we balance, we balance it correctly and not incorrectly and that we don't skew the balance too much to the security side by overweighing the security interests because it's not the entire security interest on the scale. it's the marginal difference between a security interest without certain kinds of oversight and accountability and the security interest with oversight and accountability. and i think all branches should be playing a role and have a role to play in this. congress in the 1970s had the church committee which did an extensive review of intelligence agencies, produced a very elume gnative public report about that. congress hasn't done anything
4:57 am
quite like that since. i think it should. i think the judiciary has a role to play. has a role to dy play. think the people ultimately this, re the key to all they have a role to play. >> thank you. we're now going to have 20 minutes of questioning from my fellow board members. i think i will start with the chair and then we'll -- >> thank you. liza raised a question about the proper standard for privacy and referenced the katz. and how some ways people rely on practical obscurity because the government is too complex or burdensome to gather information. some ways in a computer age we're beyond that which is the court file gathering dust now is easily accessible and public. the question is how should we look at privacy issues when public data bases are so
4:58 am
readily available and there's also a reference to the fact that the line between government and demerble data bases isn't always great and the government can access commercial data bases? how do we look at privacy when the information is out there is publicly available but yet as ed pointed out you combine it into a mosaic and it can create a very detailed profile? and should the government be collecting that information? so what standard should we apply in this context? what's the katz 2014 version as far as how the government ought to recognize privacy issues? >> whoever wants to tick it. -- take it. >> i might note that timewise we're going to have about five minutes. >> and if you could give us -- >> so if you could keep your answers or your comments relatively brief we'll make sure everybody gets the full component of time. >> i think that right now
4:59 am
what's been known as the mosaic theory that we see in the concurrent -- the concurrences to the jones case in the supreme court are starting to look at this very, very question. i can't really answer it in a few seconds but i think it's to look at when we combine various pieces of date ave what are the implications of that and when does the combining of that data reveal new information that can create certain problems and harms to people? and that's where we want to step in. >> i would make two quick points. the first is of course that practical obscurity is itself sort of a post industrial concept. if you were in a medeival village back in the 1200s, there was no practical obscurity. you were limited to who you knew and they knew everything about you pretty much. that the data abrogation system was the coffee clutch where everybody talked to each other. so in order -- in advancing practical security we're
5:00 am
advancing a value that we tend to value more now. i think dan's exactly right. the missouri ache is real. it gsh to deni that is the most likely points of intervention are at the collection or aggregation or the use of the aggregated data. you can't do it at collection databases are there. they are so vague it is impossible to stop unless you're going to keep google from collecting. we are going to have a data collection. >> just a quick note, i remember -- agree with most of what has been said. is tor way to look at it say the information that is being gathered and the using normal
5:01 am
powers of observation would be in someone's control. that the point of collection is a moot point. the mere fact that google has all of this information and facebook has all of this information does not mean the government has all this information. there are new tech knowledge he's -- technologies. there are still plenty of room to regulate at the collection point. i will be very brief as well. the other what panelists have said, i would point out that much of the information of that is in corporate databases is information that was observed rather than disclosed. consent.not always
5:02 am
it is very thin from the person who the data is about. i don't think you can always in further there was an awareness. you can't inferred that information is in a corporate database. might not know it was going to the government and used for government purposes. >> should government not collect data under the circumstances? >> i hesitate to make a legal opinion here, not being a lawyer. that's why you're here. i get very nervous when there is a legal fiction that something has happened when it is clearly not happening. a fiction of consent or that the mosaic exists are troubling.
5:03 am
>> thank you for being here. going back to this notion of you went to the fourth amendment concept. i am interested in whether the notion of control that is embodied in the individual per dissipation concept can apply in the national security context. noted that individuals might not -- consent to being observed. if that was the standard, then you could that have surveillance programs. the fifth is on top of whatever the fourth baseline is. allthis notion of apply at
5:04 am
in the national security context? >> i think it can apply. because i am thinking of some of the premises of the question. it is not the case that people don't consent to the disclosure their information. the government can obtain your information with a want based on probable cause. >> we are layering on top of the fourth amendment. the reason i ask is if the nsa publishes a report on targeted data collection, they said they were applying. what i am wondering is if the fifth is not the right framework to apply in this context. this is individual per dissipation.
5:05 am
-- individual participation. >> i would like to think about that question. i want to think about it a little bit more and it put it in writing along with my testimony. >> i have a thought on it. i think the fifths model has some flaws to it. people don't read the privacy policies of companies in most cases. ist providing a notice effective. we need to think about what works in this context. cases wes in certain might want individuals to play a greater role. i think if you are on the tsa no-fly list, you should have a right to be heard. there should be redress and challenging being on that list. i think some of the fifths make a lot of sense. security makes sense. other ones might not. i think the larger component of all this is there is adequate
5:06 am
-- it is not really feasible under our -- certain things. there's greater transparency. there is a public accountability and a generalized disclosure about what is going on. >> i thought that the acknowledgment in the nsa report that some of the phipps principles could not be implemented in the context of a national security surveillance program was an accurate acknowledgment of reality. you can't provide error correction notice in all circumstances. i was talking about the secondary screening in the no-fly list. you is going for
5:07 am
to be tried figure it what the underlying values are and how to get at those in this context. i think the underlying value is prevention of a governmental abuse, that is what animates everybody in this sphere. the types of accountability and transparency that you have to help build our ones that match the operational needs of the security system while providing protections. we tried that with the intelligence committees in the post church commission modifications of. we might call that delegated transparency. we trust the congress to do it right. we are less willing to do that now. i am not so certain that is a good impulse. board, maybe it is the judicial panel with a
5:08 am
cleared advocate in front of it. there are a lot of mechanisms that of the transparency could be imagined that would achieve the objective of controlling against governmental abuse and misuse while not completing -- completely frustrating the necessities that i think we see as remaining very and --. we are thinking about what the use case scenarios are in building and enhanced ribas he protections on a technological level. you can have as much of your cake and still get to eat some of it. to the extent that a particular principle from the phipps might be difficult or impossible to apply in this setting, it seems there should be a greater obligation to
5:09 am
further the goals of that principle. if you can't offer the right to control or correct errors in the could imagine asking for greater effort to ensure the correctness of the data as it is for extra safeguards regarding the possibility of error. >> thank you. ?> any thoughts very briefly. agree.ink i would what i am struggling with is how much are we giving up on this collection, which i'm not quite willing to do. ofgo back to the issue surveillance and controlling information. i still want to go back. this is something i've not thought about enough. and look moreack
5:10 am
carefully. it sounds to me like the best approach. we will be glad to. i want to remind the audience that if you have any questions, write them down. if they will bring them up to me and i will -- ok. they're coming. >> thank you all for this forum. i was struck by the mosaic
5:11 am
theory. we are transparent in seemingly this great way and are adversaries are trying to get information. establishment would argue that the mosaic theory is -- in need to understand it to understand collection. to understand exactly exactly how the apparatus works. be able too aggregate information. you can agree or disagree, but i was struck by the different applications of mosaic theory. i want to start with you, professor. i was interested in your notion of moving away from the brute force collection mechanism. is one whereon 215 the government has made the argument that they need the brute force collection and the
5:12 am
retention in order to identify previously unknown things. have you given thoughts to whether there are technological ?ptions available can you be more specific about collection options? >> with respect to the section it, it is collected by the phone companies initially. if thes a question information needs to be transferred in bulk to the intelligence community. it is clear that as a technical matter, the kinds of linking and the intelligence agencies want to do can be done technically while the information is still held by a
5:13 am
third party such as the phone company. requires a modest amount of technical coordination. to reach in and extract the data , that is the kind of thing we can be done. there is further work that is more technical that goes to questions of advanced cryptography to allow the same analysis. those sorts of methods are developing. there is some interest in the technical problem of how to do this in the independent research
5:14 am
community in light of what we learned about publicly section 215 programs. >> our biggest challenge is taking the concepts we are talking about today and developing practical, feasible recommendations that can actually be implemented. >> you both talk about risk mitigation. assuming there are going to be arms, how do you mitigate those harms. what have you found to be the most effective mechanism for mitigating risk? is it retention?
5:15 am
>> i think it is not really just one thing i can point to. those things are all very valuable. to make sure the information is accurate. when it's grabbed from one context to another, what is accurate enough for amazon to recommend books is not the same level of accuracy we might not want from the government. amazon makes a mistake and recommends the wrong books you, a deal. it doesn't need 100% accuracy. we accuracy differs as differ in context. mechanisms need to make sure that the information taken from one context is appropriately accurate for that context. we need an analysis of how long we keep the data.
5:16 am
we need all of these different things. it is actually a complex thing with much -- many parts. >> there are many moving parts. since therspective, threat is a governmental, the pencil factors that i would focus on the team to focus on the government actors, training in the first instance so they know the rules and inculcating a culture of compliance that is pre-error mechanisms. a lot of on it compliance work from outside inspectors general
5:17 am
finally,ess and then this is perhaps where we fall down the most, the willingness to impose administrative sanctions on people who very from the accepted rules. nothing attracts the attention of a government employee so much as a prospect of losing his job or been suspended for a term of months. that may be where i would focus. if we look at the failures of we see-- compliance, some of them that are individual employees doing things they shouldn't. we've also seen some that are failures of the technical consistentlyhave with the internal policies.
5:18 am
operate without getting into the. nuts and bolts of the technology. -- i think there is an opportunity to push an oversight in that area. >> it's moved to jim density. >> thank you to all the witnesses. i think it is very important as we wrap up this panel to highlight what i heard a lot of commonality. i think it is important for the board and the public debate moving forward not to end up at the position that this is confusing. i heard a lot of commonality among the witnesses starting
5:19 am
-- i think you all agree that if you start from the premise privacy is a human right or if you start from the premise that it is an instrumental right, all of you agree that it is an umbrella term that covers many different values and interests. let the reflect -- record reflect knotting. i think i heard unanimity bird
5:20 am
by giving information to one interest inlose all information. the disclosure to one surrenders her right with respect to disclosure to any other purpose. there was agreement that that concept disclosure to one is disclosure to all is not a valid constitutionally modern-day reality. that just doesn't fit with the way we view it -- information and privacy. that disclosure to one is not a surrender of all interest in the information? i would say that the people interact today, it would be
5:21 am
inappropriate to assume disclosure. i am not sure i would agree with what is implicit in your follows thatt it it is a constitutional legalicance or significance that should animate this board a. i want to think about that. >> giving your information to your doctor does not mean you have disclosed your privacy rights. we promised them that their medical disclosures are not disclosures to all.
5:22 am
>> that is a wonderful example because we accept statements made to a doctor as an exception from the hearsay rule because you're motivated to tell him the truth. the doctor can in some circumstances be compelled. those realities work both ways. not collected. there have been several witnesses mentioning the phipps. we are talking about the fair information practice principles. there is no definitive version of them. a version that was adopted at by the department of .omeland security in 2008 this is as good as any i think.
5:23 am
it seemed to me that there was they are relevant as a framework asking how to deal with information. does it work? if it doesn't work, you compensate for it with more emphasis on other issues. it is a framework for asking the questions. >> it is a framework for a starting point of asking questions. many of those questions don't withstand the technological transitions we are going through. accepted it as a going off
5:24 am
point. we may discard some of them as inoperable under current circumstances. >> what would you replace them with? the remaining aspects and to my mind, more analysis of the interests at stake and what the mechanisms are that the privacy interest is we have to protect. fipps is one-size-fits-all. >> we have a couple of questions from the audience. i'm not sure of we will get to all of them. and directrbitrary
5:25 am
them to a particular panel member. one, the writer wanted to direct toward you. the government gets telephone metadata, what has more regulation? the private entities collection or the government likes and from the private entity? >> i don't think i can answer that. and you'reormation in contact with that -- contract with that company. problems with the metadata program is there was no reading of the contract or the section of the patriot act that would've enabled any person to know what they were consenting
5:26 am
to and at their information would go to the nsa. >> the answer is both? >> there is contractual regulation. there is the fourth amendment and all matter. there is lots of regulation everywhere. private companies have no incentive to coerce or imprison risks ofhat is why the injury might be greater from the government than from private companies. does that take into account the homeland security prison industry? they could not do it they do without 484 contractors. are there risks inherent in the
5:27 am
increasing commercialization of national security? >> problem's can come from anywhere. they are not inherent things that could be said about where problems could because to. . does the access by the government great problems? you see a cooperation in the private sector that is going up to perform government functions. they are gathering and analyzing data and then sharing it with the government. all of these things create various problems that we need to address. keep our i am the problems and stop looking elsewhere and look at the problems. we address those problems wherever they may happen. that is the best approach.
5:28 am
could the panelists -- iss what they think know you have covered a great deal. just a summary would be great. the question is asking me to sum up a whole area of knowledge. i will try to do. that as with cars, as with the tesla and some type of high-end car, you should think about what technology is available and a reasonably radical to use to minimize or control or limit the risk of certain information. you can ask that those be there.
5:29 am
an entity ask that that wants to collect and use the information be willing to justify the choices they have made be willing to justify why they did not use some accepted technical privacy preserving one, what the method if it's available. application of privacy in federal organizations like the postal service? pension benefits? how they impacted by the fourth amendment and concerns for privacy in those organizations? the honest answer would be i'm not sure. my understanding is that the fourth amendment applies to
5:30 am
those institutions as they exercise governmental authority and acting as agents for the government. assume postal service employees can't open your mail willy-nilly just because they are pseudo-private actors. i may be wrong about that. , jim ista open my mail nodding that i am right. question,ation of the is it emphasizes the point allies a maid. the line between government collection is increasingly blurring.

5 Views

info Stream Only

Uploaded by TV Archive on